North Korean hackers are targeting banks and financial institutions around the world, according to a Russian cybersecurity firm.
The rogue state has now been linked to cyber attacks in 18 countries all over the world, Kaspersky warned at a cybersecurity conference on the Caribbean island of St. Maarten yesterday.
Attacks on financial institutions in Bangladesh, Ecuador, the Philippines and Vietnam had previously been identified by security experts as coming from North Korea but Kaspersky said those findings were just the tip of the iceberg.
The firm's researchers claim that the same "Lazarus" hacking group that targeted the previously mentioned nations also conducted attacks on financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.
Kaspersky said the hackers took steps to conceal their location, routing their signal through France, South Korea and Taiwan to set up an attack server. But they were allegedly not careful enough and Kaspersky briefly spotted a connection from North Korea.
The hermit kingdom has long been suspected of conducting cyber attacks, such as hacks on South Korean broadcasters and Sony Pictures, but the targeting of financial institutions is a more recent development.
BAE Systems, FireEye and Symantec said that the shift of focus began in late 2015 with a Vietnamese bank one of the first victims.
So far most of the attacks have not been successful in stealing money but according to Symantec some have been.
It is now feared that the Lazarus team could use their growing expertise to target western banks.
The aim of the North Korean could be to build a network of infected banks to move around stolen money, experts warn.
North Korea is currently being investigated in the US over a hack at the New York Federal Reserve last year.
Millions of dollars were stolen from Bangladesh's account at the bank last year and moved to Sri Lanka and a casino in the Philippines, according to investigators.
North Korea allegedly tried to funnel some of that money through an infected bank in Southeast Asia, according to a researcher at FireEye. But an emergency team at FireEye blocked the transaction in time.
Anthony Ruggiero, a senior fellow for Foundation for Defense of Democracies who tracks North Korea's illegal behavior, said the hacking operations were aimed at collecting money for the state's weapons programs.
"This is all for their nuclear weapons and missile programs," he told CNN.
"They need this money for building and researching more ballistic missiles."